Last week, two Pixel owners said that their devices were illegally accessed after being sent to Google for repairs. This led to speculation that Google is now responding to one of the respondents in a statement.
“After a thorough investigation, we can say with confidence that the issue impacting the user was not related to the device RMA [Return Merchandise Authorization] … We have worked closely with the user to better understand what occurred and how best to secure the account going forward,” Google spokesperson Alex Moriconi told The Verge (via).
This statement addresses the allegations made by game designer and The New York Times bestselling author, Jane McGonigal. She said that her Pixel “disappeared” after being sent to Google for repairs.
While the hijackers couldn’t access the images on the phone, they did manage to get into McGonigal’s Dropbox and Gmail accounts. The individuals also managed to erase or hide security messages sent to her email. McGonigal’s activity records showed that the culprits gained access to images of her “in bathing suits, sports bras, form-fitting dresses, and of stitches after surgery.”
The first complaint came from an anonymous user on Reddit
McGonigal’s revelation came in the backdrop of a Reddit post stating how a Pixel sent to Google for warranty service was illegally accessed. The post went up on December 1 under the r/legaladvice subreddit.
The Reddit user’s wife sent her broken Pixel to Google for an RMA or Return Merchandise Authorization. The phone didn’t have a screen lock or PIN. Moreover, wiping the device wasn’t an option as it couldn’t power on. A month after sending the device for repairs, the hijacker reportedly got into the social media account of his wife. The horror didn’t stop there as the culprit then posted inappropriate images of the couple on that social media account.
The culprit also got into the PayPal app and reportedly stole $5. The user managed to track down the unauthorized logins to a unit in Texas using Google’s Find My Device service. This location also happens to be where Google sent the phone for repair. Subsequently, the user approached the police about these concerns.
Although the original Reddit post no longer exists, this is a harrowing ordeal that nobody should go through, especially when sending their devices to Google.
To ensure your devices are always safe from hacks, we suggest enabling 2-Step Verification for your Google account. Make sure to enable this standard for every online account that contains sensitive information. Google recommends backing up and erasing your device before sending it in for repairs. However, this is impossible to do when the screen/display is inaccessible.